Re: Sun's Java keytool and OpenSSL RSA cert
Dr S N Henson wrote: making sure there's no summary info before BEGIN CERTIFICATE and seeing if you can find what format keytool wants. Uuumpf! Yes, my fault (turning red): I did not remove the text before BEGIN CERTIFICATE line. Sorry. Ciao, Michael. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Sun's Java keytool and OpenSSL RSA cert
So, now keytool can recognize the certificate your OpenSSL generates? I was having problem with keytool several weeks ago. It always returns "unrecognized format" when I was trying to import certificate generated with OpenSSL into the keystore. I sent the message to user group and nobody replied. Could you let me know what you did step by step? Any help is appreciated. Xiaohua - Original Message - From: Michael Ströder [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, December 19, 2000 8:12 AM Subject: Re: Sun's Java keytool and OpenSSL RSA cert Dr S N Henson wrote: making sure there's no summary info before BEGIN CERTIFICATE and seeing if you can find what format keytool wants. Uuumpf! Yes, my fault (turning red): I did not remove the text before BEGIN CERTIFICATE line. Sorry. Ciao, Michael. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Sun's Java keytool and OpenSSL RSA cert
Xiaohua Cheng wrote: So, now keytool can recognize the certificate your OpenSSL generates? Yes. keytool of JDK 1.3, X509v3 server cert with some extensions. It always returns "unrecognized format" when I was trying to import certificate generated with OpenSSL into the keystore. Try to convert it to DER format with openssl x509 -outform der to avoid any format problems. I sent the message to user group and nobody replied. Could you let me know what you did step by step? Assuming you already have a valid key store. keytool -genkey -alias "test" keytool -certreq -file test.req -alias "test" openssl ca ... -in test.req -out test.crt keytool -import -file test.crt -alias "test" I might have forgotten some options. See keytool -h. It's not that different from using openssl. Ciao, Michael. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Sun's Java keytool and OpenSSL RSA cert
In fact, I had problem with X509v1 server cert. I didn't have problem with v3 cert when I generate the ca cert. When I signed a csr wih a ca cert (got v1 cert), I got the format problem. Xiaohua - Original Message - From: Michael Ströder [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, December 19, 2000 10:58 AM Subject: Re: Sun's Java keytool and OpenSSL RSA cert Xiaohua Cheng wrote: So, now keytool can recognize the certificate your OpenSSL generates? Yes. keytool of JDK 1.3, X509v3 server cert with some extensions. It always returns "unrecognized format" when I was trying to import certificate generated with OpenSSL into the keystore. Try to convert it to DER format with openssl x509 -outform der to avoid any format problems. I sent the message to user group and nobody replied. Could you let me know what you did step by step? Assuming you already have a valid key store. keytool -genkey -alias "test" keytool -certreq -file test.req -alias "test" openssl ca ... -in test.req -out test.crt keytool -import -file test.crt -alias "test" I might have forgotten some options. See keytool -h. It's not that different from using openssl. Ciao, Michael. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]